| Developer | marc4 |
|---|---|
| Last updated | November 4, 2025 04:38 |
| PHP version: | 7.4 or higher |
| WordPress version: | 6.8 |
| License: | GPLv2 or later |
| License URI: | License information |
X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP/CORP.

<head>.

/?author= by returning 404.

⚠️ Important: The restrict REST API option and CSP can affect integrations and plugins. Test it in staging first.

Privacy: the plugin does not send data to external services or create new tables. It only uses transients to count failed login attempts.
No. By default it allows the index and the oEmbed namespace for basic compatibility. The rest requires an authenticated user. If you need additional public routes, do not enable the restriction or create specific solutions in your theme/plugin (with their permission_callback).
By default, rate limiting takes the IP from REMOTE_ADDR. If you use a trusted proxy (CDN/load balancer), define in wp-config.php:
define('WPH_TRUST_PROXY', true);
With that, the plugin will try to use HTTP_CF_CONNECTING_IP or X-Forwarded-For (first element), validating the IP.
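The resolution order described above, written out as an added example (this is not the plugin's code). The function name `wph_example_client_ip()`, the order in which the two headers are tried, and the sample requests are assumptions made for illustration. The last sample shows why the setting belongs only behind a proxy that sets these headers itself: with trust enabled on a directly reachable site, the rate-limit key comes from a request header instead of the connection.

```php
<?php
// Added example, not the plugin's code. wph_example_client_ip() is a hypothetical name.

/**
 * Resolve the address used as the rate-limit key:
 * REMOTE_ADDR by default; with proxy trust enabled, CF-Connecting-IP, then
 * the first X-Forwarded-For element (header order is an assumption), each
 * validated as an IP, falling back to REMOTE_ADDR.
 */
function wph_example_client_ip(array $server, bool $trust_proxy): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (!$trust_proxy) {
        return $remote;
    }
    $candidates = [];
    if (!empty($server['HTTP_CF_CONNECTING_IP'])) {
        $candidates[] = $server['HTTP_CF_CONNECTING_IP'];
    }
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        // Format is "client, proxy1, proxy2": only the first element is used.
        $candidates[] = explode(',', $server['HTTP_X_FORWARDED_FOR'])[0];
    }
    foreach ($candidates as $candidate) {
        $ip = filter_var(trim($candidate), FILTER_VALIDATE_IP);
        if ($ip !== false) {
            return $ip;
        }
    }
    return $remote; // no header carried a valid address
}

// Constructed sample requests using documentation address ranges.
$samples = [
    'direct, no headers'     => ['REMOTE_ADDR' => '203.0.113.7'],
    'behind CDN'             => ['REMOTE_ADDR' => '198.51.100.10', 'HTTP_CF_CONNECTING_IP' => '203.0.113.7'],
    'behind load balancer'   => ['REMOTE_ADDR' => '198.51.100.10', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 198.51.100.10'],
    'malformed header'       => ['REMOTE_ADDR' => '198.51.100.10', 'HTTP_X_FORWARDED_FOR' => 'not-an-ip'],
    'direct, header present' => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '192.0.2.55'],
];

foreach ($samples as $label => $server) {
    printf("%-24s trust=off: %-15s trust=on: %s\n", $label,
        wph_example_client_ip($server, false),
        wph_example_client_ip($server, true));
}
```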
X-Frame-Options: SAMEORIGIN, X-Content-Type-Options: nosniff, Referrer-Policy: strict-origin-when-cross-origin, Permissions-Policy: geolocation=(), microphone=(), camera=(), Cross-Origin-Opener-Policy: same-origin, Cross-Origin-Resource-Policy: same-origin, and optionally Strict-Transport-Security and Content-Security-Policy (with nonce).
Yes. uninstall.php deletes the main option and the rate-limit transients.